Closed
32 changes: 11 additions & 21 deletions src/content/docs/byoip/concepts/irr-entries/best-practices.mdx
@@ -1,32 +1,26 @@
---
title: Best practices
title: Manage IRR entries
pcx_content_type: reference
sidebar:
order: 7
head:
- tag: title
content: IRR entry updates best practices

---

import { GlossaryTooltip } from "~/components"

An Internet Routing Registry (IRR) record is what notifies internet service providers (ISPs) of how you are allowing your resources to be used. It is necessary to keep your IRR entries up to date so that it is public information that Cloudflare has permission to advertise your prefix or prefixes and to ensure that your traffic can be properly routed on the internet.
import { GlossaryTooltip } from "~/components";

The American Registry for Internet Numbers (ARIN) maintains an IRR that allows registrants of AS numbers and IP addresses to publish that information so that ISPs can make appropriate routing decisions. This helps ensure ISPs will recognize your routes as legitimate and enables them to ignore unauthorized routes published by someone else.
You must keep your <GlossaryTooltip term="Internet Routing Registry (IRR)" link="/byoip/concepts/irr-entries/">Internet Routing Registry (IRR)</GlossaryTooltip> entries up to date so that it is public information that Cloudflare has permission to advertise your prefix or prefixes and to ensure that your traffic can be properly routed on the internet.

## Configure an IRR entry

You can add or update an IRR entry by following the directions within any of the recommended internet registries listed in the [Internet Routing Registry](https://www.irr.net/index.html).
You can add or update an IRR entry by following the directions of your routing registry.

If you own your own subnet, use the RIPE and APNIC routing registries. These registries allow you to verify subnet ownership.

If you lease your subnet, follow these guidelines:

* When you do not need ownership verification, use the AFRINIC or NTT routing registry.
* When you do not need ownership verification, use the AFRINIC registry.
* When you submit a route object via email, use the ARIN registry. Address blocks owned by others do not appear in the ARIN interface.

The recommended registries are AFRINIC, APNIC, ARIN, NTT, RADB, and RIPE.
The recommended registries are AFRINIC, APNIC, ARIN, LACNIC, and RIPE.

Each routing registry has its own set of instructions to configure an IRR entry. Refer to the table below for more information.
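Review bot: The new recommended-registries sentence adds LACNIC, but the owned/leased guidance just above it still names only RIPE and APNIC (owned subnet), AFRINIC (leased, no ownership verification) and ARIN (route object by email), so a reader whose space is registered with LACNIC has no rule to follow. Either add a LACNIC case to that guidance or say which existing case it falls under. Separately, with the ARIN paragraph removed, the page no longer says that IRR entries let ISPs ignore unauthorized routes published by someone else; a short clause keeping that rationale, or a link to the new route filtering page, would preserve why stale entries matter.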

Expand All @@ -50,13 +44,9 @@ Each routing registry has its own set of instructions to configure an IRR entry.
<td>ARIN</td>
<td><a href="https://www.arin.net/resources/manage/irr/quickstart/">https://www.arin.net/resources/manage/irr/quickstart/</a></td>
</tr>
<tr>
<td>NTT</td>
<td><a href="https://www.gin.ntt.net/support-center/policies-procedures/routing-registry/">https://www.gin.ntt.net/support-center/policies-procedures/routing-registry/</a></td>
</tr>
<tr>
<td>RADB</td>
<td><a href="https://www.radb.net/support/">https://www.radb.net/support/</a></td>
<tr>
<td>LACNIC</td>
<td><a href="https://lacnic.zendesk.com/hc/articles/360038667154-What-are-a-route-and-a-route-6-objects">https://lacnic.zendesk.com/hc/articles/360038667154-What-are-a-route-and-a-route-6-objects</a></td>
</tr>
<tr>
<td>RIPE</td>
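Review bot: Dropping the NTT and RADB rows here (along with the recommended list and the Source examples elsewhere in this file) leaves customers whose route objects already live in those registries without guidance. State whether existing NTT or RADB entries are still accepted for onboarding or must be recreated in one of the five remaining registries. Also check the LACNIC link: its slug, What-are-a-route-and-a-route-6-objects, suggests an explainer rather than configuration steps like the ARIN quickstart in the row above, while the table is introduced as instructions to configure an IRR entry.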
Expand All @@ -72,8 +62,8 @@ Verify your Internet Routing Registry (IRR) entries to ensure that the IP prefix
Each IRR entry record must include the following information:

* **Route**: Each IP prefix Cloudflare advertises for you.
* **Origin ASN**: Your ASN, or if you do not have your own ASN, the Cloudflare ASN (AS13335).
* **Source**: The name of the routing registry, for example, AFRINIC, APNIC, ARIN, RADB, RIPE, or NTT.
* **Origin ASN**: The Cloudflare ASN (AS13335) or your own ASN.
* **Source**: The name of the routing registry (for example, ARIN).

Add or update IRR entries when they meet any of these criteria:
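Review bot: The rewritten Origin ASN bullet, "The Cloudflare ASN (AS13335) or your own ASN", loses the condition the old text carried (use AS13335 only if you do not have your own ASN), so it no longer tells the reader which value belongs in the record. Because the origin in the entry is what network operators filter announcements against, keep the rule explicit, for example: "Your own ASN, or the Cloudflare ASN (AS13335) if you do not have one."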

17 changes: 11 additions & 6 deletions src/content/docs/byoip/concepts/irr-entries/index.mdx
@@ -1,17 +1,22 @@
---
title: Internet Routing Registry
title: Internet Routing Registry (IRR)
pcx_content_type: concept
sidebar:
order: 2

label: Overview
group:
label: Internet Routing Registry
head:
- tag: title
content: IRR Overview
---

The [Internet Routing Registry (IRR)](http://www.irr.net/index.html) is a globally distributed database of routing information. The IRR contains announced routes and routing policies in a common format, and network operators use this information to configure their backbone routers.
import { GlossaryDefinition } from "~/components";

<GlossaryDefinition term="Internet Routing Registry (IRR)" prepend="The [Internet Routing Registry (IRR)](http://www.irr.net/index.html) is " />

The IRR consists of many individual [routing registries](http://www.irr.net/docs/list.html), and some are managed by regional entities, such as APNIC, ARIN, and RIPE. Each routing registry contains IRR entries that provide information about IP prefixes and the [autonomous systems](https://www.cloudflare.com/learning/network-layer/what-is-an-autonomous-system/) authorized to announce them.

To announce your subnet prefixes, Cloudflare requires accurate IRR entries for your prefixes and autonomous system numbers (ASNs).

When you configure network infrastructure for services such as [Magic Transit](/magic-transit/about/), [verify your IRR entries](/byoip/concepts/irr-entries/best-practices/#verify-an-irr-entry).

For help with adding missing IRR entries or updating inaccurate entries, refer to the [best practices for IRR entries](/byoip/concepts/irr-entries/best-practices/).
When you configure network infrastructure for services such as [Magic Transit](/magic-transit/about/), or before onboarding your IP to Cloudflare, [verify your IRR entries](/byoip/concepts/irr-entries/best-practices/#verify-an-irr-entry).
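Review bot: The `prepend` on the new `GlossaryDefinition` keeps the registry link as `http://www.irr.net/index.html`, and the routing registries link in the next paragraph is also plain HTTP, while best-practices.mdx referenced the same site over https. Switch both to https. Also, with the "For help with adding missing IRR entries" sentence removed, the overview only links to the `#verify-an-irr-entry` anchor; consider keeping a pointer to the configure steps on the same page.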
16 changes: 16 additions & 0 deletions src/content/docs/byoip/concepts/route-filtering-rpki.mdx
@@ -0,0 +1,16 @@
---
title: Route filtering and RPKI
pcx_content_type: concept
sidebar:
order: 2
---

import { GlossaryTooltip } from "~/components";

As referred in the [IRR concept page](/byoip/concepts/irr-entries/), network operators use IRR records to configure backbone routers. In summary, it is the IRR records that provide information about IP prefixes and the <GlossaryTooltip term="autonomous system numbers (ASNs)">autonomous systems</GlossaryTooltip> authorized to announce them. Then, network operators will apply filtering policies to avoid invalid announcements.

Considering this important role of IRR records, validation via Resource Public Key Infrastructure (RPKI) was introduced. With RPKI, the IP/ASN association is cryptographically validated before being passed on to the routers.

When registering your prefix under one of the five Regional Internet Registries (RIRs)[^1], you can generate a cryptographically-signed object called Route Origin Authorization (ROA). ROAs are public and you can use [Cloudflare's RPKI Portal](https://rpki.cloudflare.com/?view=validator) or other sources, such as [Routinator](https://rpki-validator.ripe.net/ui/), to check your prefixes.

[^1]: AFRINIC, APNIC, ARIN, LACNIC, and RIPE.
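Review bot: The second paragraph, "Considering this important role of IRR records, validation via Resource Public Key Infrastructure (RPKI) was introduced", reads as if RPKI validates the IRR records themselves, whereas the next paragraph describes ROAs as separate signed objects generated at the RIR. Reword so it is clear that the ROA is what is cryptographically validated, and state what the ROA has to match for a BYOIP prefix (the origin ASN used for the announcement, AS13335 or the customer's own), since get-started.mdx warns that ROAs must be accurate without saying against what. Minor: "As referred in" should be "As described in", and `order: 2` matches the sidebar order already used by irr-entries/index.mdx, so check the intended position.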
2 changes: 1 addition & 1 deletion src/content/docs/byoip/get-started.mdx
Expand Up @@ -21,7 +21,7 @@ You must verify that your [Internet Routing Registry (IRR)](/byoip/concepts/irr-
- `origin` matching the correct ASN you want to onboard

:::caution[RPKI validation]
You are not required to use <GlossaryTooltip term="Resource Public Key Infrastructure (RPKI)">Resource Public Key Infrastructure (RPKI)</GlossaryTooltip>. However, if you do, make sure your <GlossaryTooltip term="Route Origin Authorization (ROA)">ROAs</GlossaryTooltip> are accurate. You can use [Cloudflare's RPKI Portal](https://rpki.cloudflare.com/?view=validator) and a second source such as [Routinator](https://rpki-validator.ripe.net/ui/) to double-check your prefixes.
You are not required to use <GlossaryTooltip term="Resource Public Key Infrastructure (RPKI)" link="/byoip/concepts/route-filtering-rpki/">Resource Public Key Infrastructure (RPKI)</GlossaryTooltip>. However, if you do, make sure your <GlossaryTooltip term="Route Origin Authorization (ROA)">ROAs</GlossaryTooltip> are accurate. You can use [Cloudflare's RPKI Portal](https://rpki.cloudflare.com/?view=validator) and a second source such as [Routinator](https://rpki-validator.ripe.net/ui/) to double-check your prefixes.
:::

## Process overview
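Review bot: Only the RPKI tooltip in this caution gets the new `link` attribute; the ROA tooltip in the same sentence still has none, although route-filtering-rpki.mdx is also where ROAs are introduced. Add `link="/byoip/concepts/route-filtering-rpki/"` to the ROA tooltip as well, or note why it is left out.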
2 changes: 1 addition & 1 deletion src/content/glossary/byoip.yaml
Expand Up @@ -17,7 +17,7 @@ entries:

- term: Internet Routing Registry (IRR)
general_definition: |-
a globally distributed database of routing information which contains announced routes and routing policies in a common format. Network operators use this information to configure backbone routers.
a globally distributed database of routing information which contains announced routes and routing policies in a common format. Network operators use this information, as well as [RPKI](/byoip/concepts/route-filtering-rpki/), to configure backbone routers.

- term: Resource Public Key Infrastructure (RPKI)
general_definition: |-
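Review bot: The markdown link added inside `general_definition` will now appear everywhere this term is rendered, including the `GlossaryTooltip` in best-practices.mdx and the `GlossaryDefinition` with `prepend` in irr-entries/index.mdx. Confirm that both components render a markdown link inside a definition rather than showing the raw `[RPKI](...)` text. The phrase "use this information, as well as RPKI, to configure backbone routers" would also read more clearly as "use this information, together with RPKI data, to configure backbone routers".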